Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034265 - RSA Authentication Manager 8.1 and 8.2 show a system message that administrator "trustedapp" attempted to update a principal, Failure Unexpected directory operation failure

Document created by RSA Customer Support

on Nov 9, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034265
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1.0, 8.1.1, 8.2.0
Issue	Authentication Manager 8.1 SP1 and 8.2 display the following system messages: Description: Administrator "trustedapp" attempted to update a principal Activity Result Key: Failure, Result: Unexpected directory operation failure Component Key: system.com.rsa.ims.admin.dal.ldap.BaseAccessLDAP Arg1: AD Arg2: cn=riddick\, rena a.,ou=endusers,ou=div17,ou=hqhq,dc=fbi,dc=gov Exception: javax.naming.NoPermissionsException: [LDAP: error code 50 - 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS)
Cause	These errors will display if, An Authentication Manager administrator attempted to change an LDAP user's password in the Security Console, or A user attempted to change their own LDAP password through the agent, but the external identity source directory user ID does not have write permissions into LDAP.
Resolution	If you want your deployment to allow updates to Windows passwords through the RSA Security Console or through Windows agents, From the Operations Console, navigate to Deployment Configuration > Identity Sources > Manage Existing and click on the identity source that you wish to update. Select Edit. Scroll to the Identity Source Directory Connection and define an external identity source user ID account, also called a binding account, that has write permissions to the AD. Use LDAPS (with a certificate) for the identity source directory connection (Deployment Configuration > Identity Source Certificates > Add New). For more information, please review this article on Identity Source SSL Certificates.

Attachments

Outcomes

0 Comments

Recommended Content